So I looked into this a bit more and based on http://www.postfix.org/postconf.5.html#smtp_tls_CAfile is doesn't appear to me that the ca-certificates.crt file needs to be in the chroot at all. What happens if you just delete the chroot copy? Looking in the git history, I can see we used to install this file into the chroot, but I'm not sure we needed to.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1915238 Title: warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and /etc/ssl/certs/ca-certificates.crt differ Status in ca-certificates package in Ubuntu: Confirmed Status in postfix package in Ubuntu: Triaged Status in postfix package in Debian: New Bug description: Postfix package doesn't utilize update-ca-certificate's hooks mechanism. By simply copying certs from /etc/ssl/certs/ca- certificates.crt to /var/spool/postfix/etc/ssl/certs/ca- certificates.crt, this warning and potential security issues could be avoided. Something like this would be a start: $ cat /etc/ca-certificates/update.d/postfix #!/bin/bash if [ -e /var/spool/postfix/etc/ssl/certs/ca-certificates.crt ]; then echo "Updating postfix chrooted certs" cp /etc/ssl/certs/ca-certificates.crt /var/spool/postfix/etc/ssl/certs/ca-certificates.crt systemctl reload postfix fi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1915238/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp